Contemporary computer security software packages have many features and configuration options. Users at both the enterprise and individual level frequently do not know how to effectively configure their security products, and have no hard quantitative data about the efficacy of different features or settings. Instead, customers deploy security software products of unknown effectiveness, and either use default settings or attempt to configure the numerous options with limited or no understanding of the implications.
A similar issue applies to vendors of security software. They instruct potential customers to deploy specific products and activate certain features, promising better protection against malicious activity once having done so. However, the vendors do not have any proof or quantification of the benefits provided by the systems they are selling. Instead, customers must take the vendors word that the product is effective. This makes sales far more difficult.
It would be desirable to address these issues.